monkeybike
newbie
Topic Author
Posts: 36
Joined: Tue May 12, 2015 6:39 pm

Block all outbound ports except DNS, Http and Https

Tue May 26, 2015 2:35 pm

Hi All,

Very new to MikroTik but have used other firewalls in the past, so I have the basic concepts.

What I want to do is:

Block all outbound ports except DNS queries, HTTP and HTTPS on the Wifi LAN Hotspot I am running on Ethernet 5.

The way the unit is set up:

Ethernet 1 is WAN (internet connection)
Ethernet 2 is LAN (192.168.1.0/24)
Ethernet 5 is a Wifi LAN Hotspot on 10.1.0.0/24

I want Ethernet 5 to be really restricted in terms of what it can go out and do.

Would also ideally like to block torrenting if that's possible.

I use Winbox, but have been doing some terminal commands.

Regards

Richy
 
dgnevans
Member
Posts: 469
Joined: Fri Mar 08, 2013 11:24 am
Location: Zimbabwe

Re: Block all outbound ports except DNS, Http and Https

Wed May 27, 2015 3:43 pm

To block all IP traffic except the ones you listed:
ip firewall filter
add chain=forward action=accept protocol=tcp src-address=10.1.0.0/24 dst-address=0.0.0.0/0 dst-port=53
add chain=forward action=accept protocol=udp src-address=10.1.0.0/24 dst-address=0.0.0.0/0 dst-port=53
add chain=forward action=accept protocol=tcp src-address=10.1.0.0/24 dst-address=0.0.0.0/0 dst-port=80
add chain=forward action=accept protocol=tcp src-address=10.1.0.0/24 dst-address=0.0.0.0/0 dst-port=443
add chain=forward action=accept  connection-state=established protocol=tcp 
add chain=forward action=drop src-address=10.1.0.0/24 dst-address=0.0.0.0/0
The top two rules will allow DNS traffic, number 3 HTTP and number 4 HTTPS. All other traffic on the 10.1.0.0/24 network will be blocked.

I have found that if you configure your firewall filter rules to allow your normal ports (http,ftp,smtp,ssmtp etc etc) that are used then torrent applications don't work. If you want an idea I can post a copy of my firewall filter to give you an idea.
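A small first-match model of the six rules posted above, as an added example that is not part of any forum post: it shows which rule each sample packet hits, and that a packet matching no rule is accepted at the end of the chain. The packet dictionaries, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

HOTSPOT = ipaddress.ip_network("10.1.0.0/24")

# The six forward-chain rules from the post, in posted order. dst-address=0.0.0.0/0
# matches every destination, so it is left out of the model.
RULES = [
    {"action": "accept", "proto": "tcp", "src": HOTSPOT, "dport": 53},
    {"action": "accept", "proto": "udp", "src": HOTSPOT, "dport": 53},
    {"action": "accept", "proto": "tcp", "src": HOTSPOT, "dport": 80},
    {"action": "accept", "proto": "tcp", "src": HOTSPOT, "dport": 443},
    {"action": "accept", "proto": "tcp", "state": "established"},
    {"action": "drop", "src": HOTSPOT},
]

def matches(rule, pkt):
    """A rule matches only if every matcher it carries agrees with the packet."""
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "src" in rule and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    if "dport" in rule and rule["dport"] != pkt["dport"]:
        return False
    if "state" in rule and rule["state"] != pkt["state"]:
        return False
    return True

def verdict(pkt):
    """Return (action, rule number); first match wins, no match means accept."""
    for number, rule in enumerate(RULES, start=1):
        if matches(rule, pkt):
            return rule["action"], number
    return "accept", None  # RouterOS accepts a packet that reaches the end of the chain

def pkt(proto, src, dst, dport, state="new"):
    return {"proto": proto, "src": src, "dst": dst, "dport": dport, "state": state}

# Constructed sample packets (documentation-range addresses, not from the thread).
SAMPLES = {
    "hotspot DNS query":     pkt("udp", "10.1.0.5", "198.51.100.53", 53),
    "hotspot HTTPS":         pkt("tcp", "10.1.0.5", "203.0.113.10", 443),
    "hotspot SSH":           pkt("tcp", "10.1.0.5", "203.0.113.10", 22),
    "hotspot UDP 6881":      pkt("udp", "10.1.0.5", "203.0.113.10", 6881),
    "hotspot to LAN web UI": pkt("tcp", "10.1.0.5", "192.168.1.10", 80),
    "DNS reply to hotspot":  pkt("udp", "198.51.100.53", "10.1.0.5", 40000, "established"),
    "LAN SSH":               pkt("tcp", "192.168.1.20", "203.0.113.10", 22),
}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:24} -> {verdict(p)}")
```

The "hotspot to LAN web UI" result shows that the accept rules also cover destinations on 192.168.1.0/24, because dst-address=0.0.0.0/0 matches any address. The "DNS reply to hotspot" result is accepted by the end-of-chain default, not by rule 5, which only matches TCP.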
 
monkeybike
newbie
Topic Author
Posts: 36
Joined: Tue May 12, 2015 6:39 pm

Re: Block all outbound ports except DNS, Http and Https

Thu May 28, 2015 12:13 pm

Thanks DG

That worked a treat.

Richy
 
fctaddia
just joined
Posts: 1
Joined: Sun May 02, 2021 2:19 am

Re: Block all outbound ports except DNS, Http and Https

Sun May 02, 2021 2:22 am

To block all IP traffic except the ones you listed:
ip firewall filter
add chain=forward action=accept protocol=tcp src-address=10.1.0.0/24 dst-address=0.0.0.0/0 dst-port=53
add chain=forward action=accept protocol=udp src-address=10.1.0.0/24 dst-address=0.0.0.0/0 dst-port=53
add chain=forward action=accept protocol=tcp src-address=10.1.0.0/24 dst-address=0.0.0.0/0 dst-port=80
add chain=forward action=accept protocol=tcp src-address=10.1.0.0/24 dst-address=0.0.0.0/0 dst-port=443
add chain=forward action=accept  connection-state=established protocol=tcp 
add chain=forward action=drop src-address=10.1.0.0/24 dst-address=0.0.0.0/0
The top two rules will allow DNS traffic, number 3 HTTP and number 4 HTTPS. All other traffic on the 10.1.0.0/24 network will be blocked.

I have found that if you configure your firewall filter rules to allow your normal ports (http,ftp,smtp,ssmtp etc etc) that are used then torrent applications don't work. If you want an idea I can post a copy of my firewall filter to give you an idea.

I have the problem that torrents no longer work even if several years have passed. It would be useful if I could turn over your configuration.
 
sebus46
newbie
Posts: 31
Joined: Sat Jun 17, 2023 4:59 pm

Re: Block all outbound ports except DNS, Http and Https

Tue Jun 20, 2023 6:55 pm

Either allow access from your torrent machine by IP or MAC OR figure out all the ports that torrent requires & allow them instead
Just a tiny bit of logic
Last edited by sebus46 on Tue Jun 20, 2023 7:36 pm, edited 1 time in total.
 
rextended
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Block all outbound ports except DNS, Http and Https

Tue Jun 20, 2023 6:58 pm

Just a tiny bit of logic

Surely that user waited for you, two years and a month later, for you to reply.

Don't resurrect posts in such a useless way, just a tiny bit of logic.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Block all outbound ports except DNS, Http and Https

Wed Jun 21, 2023 4:42 am

hahaha, how far back would one have to look to even find that thread.....................
